
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
Checking Your Server
If setting up your database server feels like as much work as raising cattle, but without
the glamor, you may mix business with pleasure and perform some virtual cow
tipping: sneak up on your database server and try to push it over. From outside your
firewall, see if nmap can prod port 3306. Have nessus poke MySQL holes, including a
missing root password or an insecure server version. A search for MySQL at
http://cgi.nessus.org/plugins/search.html shows nine separate plug-ins.
Some tools that I have not yet tested, yet look promising, include
http://www.zone-h.org/files/49/finger_mysql.c and a commercial vulnerability assessor
called AppDetective (http://www.appsecinc.com/products/appdetective/mysql/).
The MySQL Configuration File
The file /etc/my.cnf contains overall directives for the MySQL server. Here are the
contents of a simple one:
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
[mysql.server]
user=mysql
basedir=/var/lib
[safe_mysqld]
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
datadir is the directory containing the database directories and files. socket is the file
name of the Unix-domain socket for MySQL to use for local connections. user is the
Unix user who runs the database, and should not be root.
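
The following check is an added example, not code from the book: it parses the text of a my.cnf and reports when the user directive is root or is absent from the server sections. The function names, the constructed second sample, the extra [mysqld_safe] section and the decision to report a missing directive are assumptions of this example.

```python
import configparser

# Sections whose "user" option names the account the server runs as. The first
# three are in the sample file; mysqld_safe is the newer name for safe_mysqld.
RUN_AS_SECTIONS = ("mysqld", "mysql.server", "safe_mysqld", "mysqld_safe")

# The sample file from the text, and a constructed variant that runs as root.
SAMPLE_FROM_PAGE = """[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
[mysql.server]
user=mysql
basedir=/var/lib
[safe_mysqld]
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
"""
CONSTRUCTED_BAD = "[mysqld]\nskip-networking\nuser = 'root'  # constructed\n"

def parse_my_cnf(text):
    """Parse option-file text into {section: {option: value}}."""
    # !include and !includedir lines are directives, not options; skip them.
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("!")]
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None, delimiters=("=",),
                                   inline_comment_prefixes=("#",))
    # MySQL treats dashes and underscores in option names as the same.
    cp.optionxform = lambda name: name.replace("_", "-")
    cp.read_string("\n".join(lines))
    return {s: dict(cp[s]) for s in cp.sections()}

def audit_run_as_user(text):
    """Return (section, message) findings about the run-as user."""
    conf, findings, seen = parse_my_cnf(text), [], False
    for section in RUN_AS_SECTIONS:
        user = conf.get(section, {}).get("user")
        if user is None:
            continue
        seen = True
        user = user.strip().strip("'\"")
        if user in ("root", "0"):  # a numeric uid of 0 is root as well
            findings.append((section, "user=%s runs the server as root" % user))
    if not seen:
        findings.append(("-", "no user directive in any server section"))
    return findings

if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_FROM_PAGE), ("bad", CONSTRUCTED_BAD)):
        print(name, audit_run_as_user(text) or "ok")
```

To audit a real file, pass its contents: audit_run_as_user(open("/etc/my.cnf").read()).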